Security Consulting

Apache

In order to make your system a bit more secure, do the following:
  • On your Apache web server, disallow directory browsing:
      <Directory />
      OPTIONS -Indexes
      </Directory>
  • Further, change the following in httpd.conf so that the server does not advertise its version and modules:
      ServerSignature Off
      ServerTokens Prod
  • Also in httpd.conf, check your values for MaxSpareServers, StartServers and MinSpareServers.
  • Your docroot should be unwriteable by the group and world as well as owned by your webuser:
      /bin/chown -R -h wwwdocs /usr/local/httpd/htdocs/*
      /bin/chmod -R go-w /usr/local/httpd/htdocs/*
      /bin/chmod -R a+r /usr/local/httpd/htdocs/*
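
The checklist above as a read-only audit script. This is an added example, not part of the original page; the config path you pass in is an assumption, and the check for an Options line that turns Indexes back on goes one step beyond the list.

```shell
#!/bin/sh
# Added example: read-only audit of the checklist items above.
# conf_has FILE NAME VALUE: true if an uncommented "NAME ... VALUE" line exists
# (directive names are case-insensitive, hence grep -i).
conf_has() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]+([^#]*[[:space:]])?$3([[:space:]]|\$)" "$1"
}

# audit_conf FILE: print one line per finding, return the number of findings.
audit_conf() {
    conf=$1 findings=0
    while read -r name value; do
        conf_has "$conf" "$name" "$value" && continue
        echo "MISSING: $name $value"
        findings=$((findings + 1))
    done <<EOF
Options -Indexes
ServerSignature Off
ServerTokens Prod
EOF
    # A more specific section can switch directory listings back on.
    if conf_has "$conf" Options '\+?Indexes'; then
        echo "RE-ENABLED: an Options line turns Indexes on"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# audit_docroot DIR OWNER: list entries that are group- or world-writable or
# not owned by OWNER (symlinks skipped, their mode bits carry no meaning).
audit_docroot() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print
}

# Usage (assumed config path): sh audit.sh /path/to/httpd.conf DOCROOT OWNER
if [ "$#" -eq 3 ]; then
    audit_conf "$1" || :
    audit_docroot "$2" "$3"
fi
```

An empty result from both functions means the settings from the list are in place; each printed line is one item to fix.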

    MD5 Passwords

    For this to work, the module mod_digest.o must be enabled.
    To generate a password for this approach, use the htdigest tool.
      <Directory>
      AUTHTYPE Digest
      AUTHNAME ...
      AUTHDIGESTFILE /...
      require valid-user
      </Directory>

    SSL

    Enable SSL in your httpd.conf as follows:
      SSLRequiredCiphers [cipherlist]
      SSLRequireCipher [cipherlist]
      SSLBanCipher [cipherlist]
      Cipherlist: RC4-MD5 | RC4-....



    CopyLeft (l) 2003 by Raffael Marty